c8ca8d9bde9a370b407c5b707726d33772f36f1045478c170ff52aacfdd01a31

Analysis

max time kernel
119s
max time network
107s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
21/08/2024, 18:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

aa9760243385b0243db83cef08f94680N.exe
Size

84KB
MD5

aa9760243385b0243db83cef08f94680
SHA1

e75106aa1a811eeab41e8676c285244474d1e07c
SHA256

c8ca8d9bde9a370b407c5b707726d33772f36f1045478c170ff52aacfdd01a31
SHA512

3820624f34e7ccdfbcd6be8c6df210707e6d944947aa48691b81f60c62bd0dc8ca05ed730289ac9939dc7f6a2dfc323591cd641dc56167f76fdf9083a1e3f403
SSDEEP

1536:W7ZppApBULcfpHLcfpyDc7ZppApBULcfpHLcfpyDS:6pWpBwchcwDcpWpBwchcwDS

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (4679) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Executes dropped EXE 2 IoCs

pid	Process
2496	Zombie.exe
3828	_OneDrive for Business.lnk.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\Zombie.exe	aa9760243385b0243db83cef08f94680N.exe
File opened for modification	C:\Windows\SysWOW64\Zombie.exe	aa9760243385b0243db83cef08f94680N.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Office\root\Office16\Document Parts\1033\16\Built-In Building Blocks.dotx.tmp	_OneDrive for Business.lnk.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogo.contrast-white_scale-100.png.tmp	_OneDrive for Business.lnk.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogoSmall.contrast-black_scale-80.png.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\System.Windows.Forms.Design.resources.dll.tmp	_OneDrive for Business.lnk.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019R_Trial-ul-oob.xrm-ms.tmp	_OneDrive for Business.lnk.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Office.PowerPivot.ExcelAddIn.tlb.tmp	_OneDrive for Business.lnk.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\OutlookR_Trial-ul-oob.xrm-ms.tmp	_OneDrive for Business.lnk.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\MEDIA\WHOOSH.WAV.tmp	Zombie.exe
File created	C:\Program Files\7-Zip\License.txt.tmp	_OneDrive for Business.lnk.exe
File opened for modification	C:\Program Files\Common Files\System\ado\msadrh15.dll.tmp	_OneDrive for Business.lnk.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_Subscription2-pl.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProCO365R_Subscription-ul-oob.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Library\Analysis\ATPVBAEN.XLAM.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\UIAutomationTypes.resources.dll.tmp	_OneDrive for Business.lnk.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-datetime-l1-1-0.dll.tmp	_OneDrive for Business.lnk.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoVL_KMS_Client-ul-oob.xrm-ms.tmp	_OneDrive for Business.lnk.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\System.Windows.Forms.Design.resources.dll.tmp	_OneDrive for Business.lnk.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Document Themes 16\Slice.thmx.tmp	_OneDrive for Business.lnk.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.SqlServer.Types.dll.tmp	Zombie.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsrus.xml.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Threading.Timer.dll.tmp	_OneDrive for Business.lnk.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\WindowsFormsIntegration.resources.dll.tmp	_OneDrive for Business.lnk.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\JAWTAccessBridge-64.dll.tmp	_OneDrive for Business.lnk.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\legal\jdk\colorimaging.md.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0016-0000-1000-0000000FF1CE.xml.tmp	_OneDrive for Business.lnk.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Grace-ppd.xrm-ms.tmp	_OneDrive for Business.lnk.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogo.contrast-white_scale-100.png.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Diagnostics.TextWriterTraceListener.dll.tmp	_OneDrive for Business.lnk.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Printing.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\123.0.6312.123\Locales\it.pak.tmp	_OneDrive for Business.lnk.exe
File created	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.powerpointmui.msi.16.en-us.xml.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\LivePersonaCard\images\default\linkedin_ghost_company.png.tmp	_OneDrive for Business.lnk.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ja-JP\InputPersonalization.exe.mui.tmp	_OneDrive for Business.lnk.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Runtime.InteropServices.dll.tmp	Zombie.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-sysinfo-l1-1-0.dll.tmp	_OneDrive for Business.lnk.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\System.Windows.Forms.Primitives.resources.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_ViewOnly_ZeroGrace-ul-oob.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\MondoVL_MAK-pl.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Xml.XDocument.dll.tmp	_OneDrive for Business.lnk.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019VL_KMS_Client_AE-ul.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Bibliography\Style\ISO690.XSL.tmp	Zombie.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\zh-dayi.xml.tmp	_OneDrive for Business.lnk.exe
File opened for modification	C:\Program Files\Common Files\System\ado\adojavas.inc.tmp	Zombie.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdaosp.dll.tmp	_OneDrive for Business.lnk.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Arial Black-Arial.xml.tmp	_OneDrive for Business.lnk.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Grace-ppd.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\offsymb.ttf.tmp	Zombie.exe
File created	C:\Program Files\Common Files\System\Ole DB\sqloledb.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\clretwrc.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Resources.Extensions.dll.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Professional2019R_OEM_Perp-ul-phn.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Common Files\System\msadc\msadco.dll.tmp	_OneDrive for Business.lnk.exe
File created	C:\Program Files\Google\Chrome\Application\123.0.6312.123\icudtl.dat.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudent2019R_OEM_Perp-ppd.xrm-ms.tmp	_OneDrive for Business.lnk.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Diagnostics.FileVersionInfo.dll.tmp	_OneDrive for Business.lnk.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\System.Windows.Forms.Design.resources.dll.tmp	_OneDrive for Business.lnk.exe
File created	C:\Program Files\Java\jre-1.8\lib\deploy\messages.properties.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.HostIntegration.Connectors.dll.tmp	_OneDrive for Business.lnk.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\deploy\ffjcext.zip.tmp	_OneDrive for Business.lnk.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-processthreads-l1-1-1.dll.tmp	_OneDrive for Business.lnk.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_Trial2-ppd.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\System.Windows.Input.Manipulations.resources.dll.tmp	_OneDrive for Business.lnk.exe
File created	C:\Program Files\Java\jre-1.8\lib\currency.data.tmp	Zombie.exe
File created	C:\Program Files\Java\jre-1.8\lib\deploy\splash.gif.tmp	Zombie.exe

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	aa9760243385b0243db83cef08f94680N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Zombie.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	_OneDrive for Business.lnk.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 1060 wrote to memory of 2496	1060	aa9760243385b0243db83cef08f94680N.exe	84
PID 1060 wrote to memory of 2496	1060	aa9760243385b0243db83cef08f94680N.exe	84
PID 1060 wrote to memory of 2496	1060	aa9760243385b0243db83cef08f94680N.exe	84
PID 1060 wrote to memory of 3828	1060	aa9760243385b0243db83cef08f94680N.exe	85
PID 1060 wrote to memory of 3828	1060	aa9760243385b0243db83cef08f94680N.exe	85
PID 1060 wrote to memory of 3828	1060	aa9760243385b0243db83cef08f94680N.exe	85

C:\Users\Admin\AppData\Local\Temp\aa9760243385b0243db83cef08f94680N.exe
"C:\Users\Admin\AppData\Local\Temp\aa9760243385b0243db83cef08f94680N.exe"
1⤵
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:1060
- C:\Windows\SysWOW64\Zombie.exe
  "C:\Windows\system32\Zombie.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  PID:2496
- C:\Users\Admin\AppData\Local\Temp\_OneDrive for Business.lnk.exe
  "_OneDrive for Business.lnk.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  PID:3828

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-786284298-625481688-3210388970-1000\desktop.ini.exe.tmp

Filesize
84KB

MD5
f89e360a54811b2f63cf23d63aec9e15

SHA1
7e9d35e5f0c995850e68eacd18764f1afe4d9b99

SHA256
69cec1d785f0d98711d8c1646e7bf1509206b9f378ed60ee9eb55f5f67141114

SHA512
48db436ac8dcab1207be880f51d97554365250b4a4eb15767fda536bec3cd137aeb425f113bd5b7f340ee7744cebc66ab59180a74bfb05fa6e381f18dfd5e099

Download Submit
C:\$Recycle.Bin\S-1-5-21-786284298-625481688-3210388970-1000\desktop.ini.tmp

Filesize
39KB

MD5
f648b75d1987640a030ec2d5581ab48c

SHA1
72b3ffa8832d8493f2eb74d70faaaac025995439

SHA256
9fcf007da410b313dcfaf404b15283ca3a63046973deb2f8cee92697fd01f670

SHA512
154da0ec258d32b518523a774bf9986fc29367631c83eed0cf9049f6f9150e774ee483b8a0119797545672942d48557cd9255bdcf446c2a9e52e13c9993249c7

Download Submit
C:\Program Files\7-Zip\7-zip.chm.exe

Filesize
152KB

MD5
4bd0567e0fb07bf0c7e1e847b65c1bde

SHA1
f6e6274dee027808f071a8a3e42e4f42db6efd1c

SHA256
170c3ee2ba0ef5f366ca2cec7eea94e131ba3a2600819e48c408e6165d5a07e0

SHA512
62c8e65ccd23fe596d9c6206e3e9acd65f15dd6157ef4dca55f827a921d21aa584bd2de115d641a0e0b23727802e7db78c353d8d63fc7a414bd9d7cc7952edbf

Download Submit
C:\Program Files\7-Zip\7z.exe.tmp

Filesize
588KB

MD5
6393e3d2d8023ab95859bcc5eb5c3282

SHA1
3bfd512d2d5083dc931de1b8d9594d173d21f7b2

SHA256
b5386ea7932b10781b52815afc40c0518686f8348cb1eb5627ba59be6f3d2dae

SHA512
d8a071aa477374f72cfdf5af1330a2fdbb8f7270a0c36767e08164e8b067969b5e0527babdb8ba6c059c1feec9e937d4bdaa23a032f750f431f3c0c14d33a769

Download Submit
C:\Program Files\7-Zip\7z.sfx.tmp

Filesize
254KB

MD5
d76051cbd326caa64087cb3fc31a6a15

SHA1
f13e1763e966501903d0ab2455b14cb6e1e4d7fe

SHA256
7151fb097652edf80a1049bd9b4c487e3d42acdf8d8e0fd19a8bfa3ba348e9c5

SHA512
62c16388032f46430753e47df8f16f78c89f098822c78f24031607854312ebac15a3c18368d0f3fdaba2cd3a35249be9cdfd04a23a0518a6fade2befa10e4630

Download Submit
C:\Program Files\7-Zip\7zCon.sfx.tmp

Filesize
233KB

MD5
dfe66b89f36cb020546323cadc0fca0f

SHA1
d73ec1c4dd74246c7db57ca24dee5ddd3d0e1764

SHA256
77d08303b392d9570ca2729c601c4b6677062638cbbb02b136e42da0fc0ab9d1

SHA512
d8d49a049124f4b2ce2c15698733fef7e246d08a54d41681e09d1106e013c910740c400e8dfdd7c9c7e357eda8624ab5d39de4b1127b5f151209a26ad1f27630

Download Submit
C:\Program Files\7-Zip\7zFM.exe.tmp

Filesize
975KB

MD5
2a6ff3b5075376c0501d449a36852759

SHA1
dd42350082db11b73cf55fc2944e97a5d428cab5

SHA256
dc2cebf09908efe2822efadc8a3dc699442797bae729cdfb589b58c69b934c84

SHA512
b32178b9ae0484980772b5c734ff5a2476aa8f2e5db17c34122b47b256bd4a47013d44291f99f5cef53a84fa69946770eea2dec3b317cc0542636a02d167db8e

Download Submit
C:\Program Files\7-Zip\7zG.exe.tmp

Filesize
728KB

MD5
489cd61c6221a87c17a9e40665b419e7

SHA1
d9b5d17448b6c1d8cc0e73fb5e702b2c416b4166

SHA256
3376630c87736c908e707ff85f6e09316c506428afb5090597603f26adf96b43

SHA512
641bc8ca249863f508189515702e29c4f63065d18d6984e2574e2903d704e603bb36cea58891b858bb7da88a3cc95603c4bd2f72b1bdeeb267e3e455a2365268

Download Submit
C:\Program Files\7-Zip\History.txt.tmp

Filesize
101KB

MD5
6de7c7e15a9997da58293a11838dcc50

SHA1
727b960d1e65263416797f90cef7e225177fc8f9

SHA256
8b550a6bbdd407277428e324134963f398677488a3875dbaa4ca604ba732640d

SHA512
cac83d14c69aacc7ae9774cd5bd3824e3acb8e47d09fbd76aef82f39e94220e41a49eddd8736b4fc243f11b00ad27dec5150129690a13cb35f86f2bc5053624d

Download Submit
C:\Program Files\7-Zip\Lang\af.txt.exe

Filesize
49KB

MD5
b0796796f6d9e352b8a66685020570fa

SHA1
1026fbea74ec1ec55a5794d681fba9c80339a300

SHA256
1a2300cd59cf51e120cc94398c9cafc74914b24f7ee823c0c6ee2fac809b34fa

SHA512
d441e5dd19c465cb4b874a5ecb7f51796ea90b6d077cbb7f86c86c3929fc85c723fa804fb9d72db78e0621a04668eb5eccbe544bb3d84ade70b137f77db0a2d4

Download Submit
C:\Program Files\7-Zip\Lang\an.txt.exe

Filesize
47KB

MD5
26bd65b6a7e2ef229ff4780ca38e45ff

SHA1
ebcdd2e64174fd1d0f599e13d6be11a9291787f5

SHA256
eee37c01a97052f85d534e800031ca11c3906c6ff6ea37374bd53e71311d3be1

SHA512
7a66cfcfa8dae231e4bc3b84cc7eb66fe6e211ded7dd6179237374c210009c61a920675c6b79f7119136ac3448540e7753fd89e5364e5a12a58ecee561708279

Download Submit
C:\Program Files\7-Zip\Lang\ca.txt.tmp

Filesize
48KB

MD5
fdda6115e5003c7421c9bd077eb32aa8

SHA1
93c302f85e3ab0e771039881d07cc1ad01a3789e

SHA256
cc1bd87a8077d7bd1a9a7cae20a75700b36fe7cfb60593558c659faf6aed0ada

SHA512
f5178e16a19261a303b35b1032a20ee5391d9f878d19c47b31580c3c3dfc3b252ee86da88628ab69cf0a4d3de7c9d514d43932905a832c979ef8522818137ebe

Download Submit
C:\Program Files\7-Zip\Lang\cs.txt.tmp

Filesize
53KB

MD5
8d487491f480b1adb590b9e4722bd3ff

SHA1
6a67a29c621b17955a0022784cab5607eee58f18

SHA256
f2fffbb57db394aeb95df89bc80a83767a44a4225bae611c9b09a89d901dea52

SHA512
c30d5934fa4b06dbec8b9aad4239d61d344cb772ed96c065180ddc0940a121fe2474ab52a0d749fa0ae7334acfb7def4ca43dca770f9ccbbb250e4e6bb8cc9a6

Download Submit
C:\Program Files\7-Zip\Lang\da.txt.tmp

Filesize
47KB

MD5
5d1abb1f920e8ebfd2fb73777f98946d

SHA1
f13ca96b68678e3dec72d0940ea1e3570fd3ac26

SHA256
c6c8bd432f8da65ee9ffaf444815cf9c76465236f47d0e9551cf8b8fee903bc4

SHA512
660f501b2fe7b604d132a5e93106bd610e16a88e950e714936dc3b78bc0ac549aec8038c0bd92ae4a67e2ed6415baa194e463a2cb42182abc0ef32f7de2aa6ab

Download Submit
C:\Program Files\7-Zip\Lang\el.txt.tmp

Filesize
56KB

MD5
230419a994305b57d61e7b7d6fbdb4cd

SHA1
730e2b719fd25fc4fdaa6b380b0aa7a6edd46dee

SHA256
00d76a7af5581953b4a3a579f5e766eecaf3c2f86fc06314314affc9ef8f6662

SHA512
b39f075c061600a30bb763d8ed47fe8eea1202e1e2ed9a36d15445f20d0fd4286eb224381769c4dc5bcf452dc326c4f51a9f660e27fad2502092b8ea7f9a596e

Download Submit
C:\Program Files\7-Zip\Lang\es.txt.tmp

Filesize
49KB

MD5
6cbfbb3e7dcebc5ab3db3b2122fae0a7

SHA1
f72d0c2bedce211debd29ad33513972278d641e6

SHA256
36b6c5b17f116ec7aae6e5677416018fc12fa3842af3a9adcd6fe8567ddc5cf2

SHA512
13a7a73e153fcaa80b4569ea99f19797a3f5d6988ebcea0016736890cf2f5f78558bd03d8937c65fac65471e9fc8165b954a4d5112225c937ce46c006f917c7c

Download Submit
C:\Program Files\7-Zip\Lang\ext.txt.tmp

Filesize
52KB

MD5
a9233a26e24115d003f3b9a19d478e9b

SHA1
103ac089a9c8be7f11b76bf8ac685304978af07d

SHA256
0e33513c927c81effb513357a53c43d42cfe88c6116880e5aa2199050c62d822

SHA512
2536633efd084ee3c294a580a51a2e8eadb0082bf5b6dd1f712946389860789fe3b483a0badea606236b81b9c77ecc8563a13267020c4e0cb639d6d7a906c007

Download Submit
C:\Program Files\7-Zip\Lang\fa.txt.tmp

Filesize
58KB

MD5
44550c8c78892621bb618a40ed2e2cb2

SHA1
d4e609b83486702403868e4d942f70a6d6ca910b

SHA256
9d92eec06674e5c478941723355a9e634244d374a4b61427af6b944560477a66

SHA512
628a11416549079f704a9e1329c98d08b6ffcf8d26314995c840ffed9a30ed4cb6dbcba33fdca2b27e477393bf37ff86f0dffa69ca0f818dfae77320cab737f0

Download Submit
C:\Program Files\7-Zip\Lang\fr.txt.tmp

Filesize
54KB

MD5
48d3a8fd8f586f41b83265b1d580a51e

SHA1
951a35cd1dc60e8bab3d8ff3dddc4350d36559e1

SHA256
cd923db8d527e49ed915a1e3482b9016694b392f412731c9db2bf0def8ab9388

SHA512
8f88b6b6e92241c284badbf8a163e69fe7ac91571b820f821491004f8a3e70e7b2d3be1247f06a0f1a6885cc311e678341e42f76e65d8039fa8175f053ddcb8d

Download Submit
C:\Program Files\7-Zip\Lang\fur.txt.tmp

Filesize
52KB

MD5
060701c1886105d4e33f99f94596ca26

SHA1
a54f86e79a6a7a23514467b53e30bb59165c12a9

SHA256
1f432b39236d2344251a200717cee623e9c93809c6a1863563e7151f938fb84d

SHA512
70e55b57249edc1e7dd9f2618eada5f2d0b899896c4043acee87f6d692fc97382c4e8a05cab4d2fa5f6f13832d794299ffa0a839e3f339689ba8949cfdfc626d

Download Submit
C:\Program Files\7-Zip\Lang\fy.txt.tmp

Filesize
39KB

MD5
f6d015cc25ce9b6f764cf59bbbf84400

SHA1
45914421b9822d22d9cc487e4ff251282557d933

SHA256
d3bc670c94d871d8387e5e1c73fe5932dce4b810f0d02f661e764b3ffaa78625

SHA512
577e4511f1fcca58a5ab5671c45d121c27aaa5b538fce283ac468f220e5713a089bc929ddc5dfb2e11fead48ed046d5b1075df7c4910f7009072b4748ed4022e

Download Submit
C:\Program Files\7-Zip\Lang\ga.txt.tmp

Filesize
52KB

MD5
ff7d5a0f95a18b22614f4be120c27b11

SHA1
f16502d53d6dc81d41638ac1a589485b1c948c5a

SHA256
ecaff1b494833ba2b886c4523f7eca6abb76d1095b30a7098f82899b99ae0196

SHA512
1f08b1c6648789125f6408a3586d205cec0fabf25bad05065d17751cb2a5a19f9975ad5840473dd92749d329d50713578bf417feb3fd2cfa8821e888d1232b08

Download Submit
C:\Program Files\7-Zip\Lang\gl.txt.tmp

Filesize
48KB

MD5
66e78100f9a4f5b33307911c1ccbb39d

SHA1
2d3041fcf484a5463c3f7af2212067781b048487

SHA256
71aacdc11bdf1815ec0f53b7841731a0107f5b34a42a2dc6b6fcbd2a03faeef0

SHA512
93666a636016e05c8451de383f499790c219dc0a4b2baeccc9b7cb80101e15ff0480c9ebb14c633cb081fedf71f1e990e9275d88b2913b3979f12cc1ac22363b

Download Submit
C:\Program Files\7-Zip\Lang\gu.txt.tmp

Filesize
56KB

MD5
151a6c3124bdb7ce7f8c78322a0437af

SHA1
d35993b617aa6d5dbdddc07dc8796f2856dcee9a

SHA256
827a15df24491d0a1f06e257fdb54add6c119d2c146cfe08b185355d4a5d08c4

SHA512
e07ceb3fc36517e1144628bef45869aeadcc1df77e02aa120e405436a8d250024d41083d26f48e6d02964b951876d444bb963d40a1c2c2ff9a59f3d8262c2ca1

Download Submit
C:\Program Files\7-Zip\Lang\he.txt.tmp

Filesize
50KB

MD5
e4e5c685e9e8f4b56bcc72585b250f62

SHA1
bfdf4a85424fc4b3b11f1a5489fe353761bbc80c

SHA256
a4ca118bfccc88dc17de822c9f8101879132e75cb5806cad12225aea2fe1f926

SHA512
f22eef5ad8397eed5504573ce060465c9865875bc57adbd6b063a2e51b1852fa28418597192c9602e2b6c62edcc1e3a8348c6e3d41964e7f7f691ae663818bd1

Download Submit
C:\Program Files\7-Zip\Lang\hi.txt.tmp

Filesize
62KB

MD5
84b439f59e53722a504bf2e5c64a6cb0

SHA1
ac671b2d008f1a99e13d113d9461f69f2d6d877f

SHA256
07bdc25426227a9a72683462ebfc8a1883418884f715eb0bf3c2fe24280ed437

SHA512
5ffe41bc65a069c8e0c87ec730594b67a9223fb42ca218834ff5f49e2c22accbdd29f018e64d7318ccbab493d841389dc92092f97d150d93e49c590be2a12641

Download Submit
C:\Program Files\7-Zip\Lang\hr.txt.tmp

Filesize
39KB

MD5
b41f672a4a4275a25a4486b87672f645

SHA1
7d8627abceb763757cdf722382c1b5932c40ac76

SHA256
87c053ffe79146026ed804a5f5bb0fc1b2d811c5ca55f81181846146f696ad50

SHA512
f86c04ce60b94f3b714009c94bf8225ca49fcbebcc46c08b384581c6471cac0cb82b5010113a3661518168d01447055edf68ceed7774bc8010a49522e3a1bc1c

Download Submit
C:\Program Files\7-Zip\Lang\hu.txt.tmp

Filesize
54KB

MD5
8ee758e8c0222081e03aff90e040bbeb

SHA1
cd20d826d0653dd6ca926345ff5ee5cde9219a4f

SHA256
9303c125db52eda3ac5a2ae4ab07600f16acbe26253d2c9af3eeb3c7065bf0af

SHA512
8184ff01a33184e65cf1af2e052d4079ed1866ec7bb9cdccfdd49ae2534981b51007c8cb10b11b496db2e75a3f163ffb81a8c5bce72606317e66c77ace777e27

Download Submit
C:\Program Files\7-Zip\Lang\hy.txt.tmp

Filesize
58KB

MD5
42bdcc1a6ba9581566f912a7bd72eb0c

SHA1
a7dc7eb7a885c27a6b3fb0c3f5fbefb7d0cb9a83

SHA256
d3ff7aa2cc6b4e1126b92f16ae7b76a55fc144cb210ee1c330186fd8bbaf9fd7

SHA512
94061aff643e958f1554314d193f31954191e2b43a15ed9750bfa20818dec3a6f51af048be3853c90655ed731fdef8a2a800ba4a4f98ad7633084f53b7d323a1

Download Submit
C:\Program Files\7-Zip\Lang\id.txt.tmp

Filesize
53KB

MD5
740bab582a0ae0e463519c6fea8ba111

SHA1
0c78ad8181e408117066116b471396fc5178f200

SHA256
b4199452bc0ef9f34bc44a6ed3254b18d02c023092bed34f1bde561f12c38ce3

SHA512
18e657e8fa4728814e9737f26c0a12c0d46c530dd96d2f67467939ba779d7f3e83975ed26a5005444a1e6de924426f5a4f0b8aa50e6a8907034b4f7abe8cbb5f

Download Submit
C:\Program Files\7-Zip\Lang\io.txt.tmp

Filesize
39KB

MD5
1351a9aa44cc0c117a999f6d5bd1d745

SHA1
18fe6678abe9781674515bec5baac94d43b99265

SHA256
ffb0c63b86dc0ecfd6be1444ff42a5ba95e98d89ce3af21ef1094ffc4940334e

SHA512
c436f5839531a8fdc47ce2c4761f09e8e39e69cb6672ab94250d164857b3f0a689c9f960fc5ab83133fa291f4566e94618b6072520c7315dbf19b57e51471347

Download Submit
C:\Program Files\7-Zip\Lang\is.txt.tmp

Filesize
53KB

MD5
f99c48fae56515298726494ef3fe00fa

SHA1
518ae77c66798a0a9ee88caa343684fc2089ab16

SHA256
fcdb89e08d044fffb3291475c0ebf8864b3a05fb1644ddf03e973f7b0173675a

SHA512
e9149d80d81597b5e7a56125278cfd15a476d29e7c764df6ec5b7c8b31eaa9d1930abd20f317ba5437d1c0b1f8dd8bef41580ff6f252936a60647d36be9da01f

Download Submit
C:\Program Files\7-Zip\Lang\ja.txt.tmp

Filesize
56KB

MD5
c682c71b8259ad955979182db1a6197e

SHA1
4eb846afc3827f39b77b0ef3cba8900149506938

SHA256
c671c9a8f9ef87438a22918c414fb43bad51ca75535c5bf9715b1e34c268913d

SHA512
952ce8d9d01418ccb6ea4a44f0d03f8dfdfb960a2288c0030ac3991bc8fcb492d3bd299ebb60990484e688b63c1b76cb4cefd693d2f88e1302b313a470b14bb5

Download Submit
C:\Program Files\7-Zip\Lang\kaa.txt.tmp

Filesize
52KB

MD5
d856bb742c6e16899e21f3ac149e30cd

SHA1
efe5ead02cb605eefdb57e0fa6060ace841c357c

SHA256
ee8978949df99c2f39b6d6ccc18d1e36857ad73454ae9284a1292e928cb1c6fe

SHA512
c68d6863db1a1e7ee575f54b471a05a71716cff1a20f73f2a285c11b5690c55a15c4a87ba70d4cfb08aeba1180df9e1bee27936d0270f116de8a12e214c37252

Download Submit
C:\Program Files\7-Zip\Lang\kab.txt.tmp

Filesize
53KB

MD5
3da500cb0fc8a22b6c54f21b5134b3fa

SHA1
4063af3ae168d5260cc6abe14af9edcf4bb379ca

SHA256
dcbe2fecc41e4101d02d3a65fdd5b2156f3f7547dbf7282a2668e0b703a27194

SHA512
01bac9b86ad033712b0e9cf792ff41d40a461926e316f0e871ced9dd902b438e0a0db22e93558ec900dd127d7eb430e8fea624fb145e3edd889aa69eac7af869

Download Submit
C:\Program Files\7-Zip\Lang\ko.txt.tmp

Filesize
54KB

MD5
985e56a0863b452ea0c50904e0b50cbb

SHA1
41e5f9ca4161902fba4d3eb63d079184c967c764

SHA256
9cb6bfa481bd682d51891c81f259afcbec57b487c640fb35faa24dd8f0ef4e93

SHA512
0f93ebc0ae9600430b1242d930b3541396918d79fab10d4d5793947b6adb84d81195c7bfbb0ad209e616392bd80708bf2d1f38a643e7502707626760a5497c11

Download Submit
C:\Program Files\7-Zip\Lang\ko.txt.tmp

Filesize
54KB

MD5
330569be6a196d2151138fec507804e3

SHA1
39c7a113620b590aadf569070561700903dec9ea

SHA256
b55e85cb0bf5d201af4a509116557ad28a80269e24c59f24d880a2cc0605904c

SHA512
988ae7874d0c45fa865e21b5d1de3dab8e7d7766d61a08e0df5eb145e09907a8a1e2b0bd3224a9f9883254a854730c26c2701cb0316ed9d89806fd63880c1e95

Download Submit
C:\Program Files\7-Zip\Lang\ku-ckb.txt.tmp

Filesize
51KB

MD5
ab8bdffc843d185ecb9918a575bf263a

SHA1
abd5f9a01b9042cda8b46de16dd7bd939a1448d9

SHA256
8e7c29dd19b4cbee770165ea8e3a24d23c2f80b91466746520ef646272428894

SHA512
8da6feefc71644c58e76a54ad3cf7b2a6355db3cc60bf0c2ffa261c81e4dabb50a9729ae690ef97fce052afca65c9b63fe03d2531a5264b9e936121c165f1f45

Download Submit
C:\Program Files\7-Zip\Lang\lij.txt.tmp

Filesize
44KB

MD5
f22b465ac1e62cd5ef8930c1c970ea99

SHA1
4303c8c89a0bb8ea8ecd9feff335d0680c31d412

SHA256
94418db609f0a0fa90cfc266135d495a002349b75ca2b6130224628a1886aacd

SHA512
4f86382eb5e7c86d71f867ad8bd8d4136c9330c2cc76045af02c252894827fbb18bdb0e7e902a21a94ca404eafe7440ed58cfb02b7748e38a7d14fdcaca33cc7

Download Submit
C:\Program Files\7-Zip\Lang\lv.txt.tmp

Filesize
44KB

MD5
e03f752a32a444dc9b18435c9153278b

SHA1
59144ecba974afdeb12c1d441d95682640ea7395

SHA256
e5bf9490f815d4006f09329c103c201be794da0292e4d2f88e49c5ec792a9494

SHA512
9e7fe961be99049322460ffa9c68287e2e10c9412f3dbcbaeb6206734e2c035a950ef0f7b9dcceda33c7ba5c5373880a0afce35977d9cc287c9ee2de00ce17d0

Download Submit
C:\Program Files\7-Zip\Lang\mk.txt.tmp

Filesize
53KB

MD5
dd423cde01c45d97ef2e019701a82e4a

SHA1
e732dc196adc390cc191e902426c7a9758b28149

SHA256
d3808e553a131c29542c650541cb81bbac78f0aea2803ee261717a83448e67a6

SHA512
11309e09369ac05b5cc814faafe90c2e4e987f679d4f65a4c1900f0bced65af103635062e853fdc7e00f39aebc2ff08ab4409b067668d73d3b2bb71839efc46c

Download Submit
C:\Program Files\7-Zip\Lang\mn.txt.tmp

Filesize
53KB

MD5
741d4d573edc05b24effe35ba2f49a40

SHA1
33dc5ddc68b0e211ae1bca3086dd0f2eab3767d0

SHA256
226045879da3829670f9aa1d4a1007787fbaee19476b0344e098eea9286e197f

SHA512
4ced7078c73b0fef2617c6914dd6064e933cdf309bf62174ff5ff727e14a6a4d90628d733c77aadc63a67f2889bb6129d388e883ca04849c5711f1e7700c6393

Download Submit
C:\Program Files\7-Zip\Lang\mng.txt.tmp

Filesize
59KB

MD5
7323591accdc011d0340e8841340154a

SHA1
0a8f0c65ad1d8ba343df9707b68ce41f832a94ed

SHA256
6ad37ae857affff59a8fb37a6f92f682c4cd37cbfe0e561380819535f7ce342e

SHA512
2c3afdd67ed8601c6244c4cf7f9671e715f667f0b3dad546f93809f13f39727c9ba062954b2435aebdeb6e73d271f1cc2a4c92c17b1c86537f1e66721391e078

Download Submit
C:\Program Files\7-Zip\Lang\ms.txt.tmp

Filesize
49KB

MD5
0b599bfd79644fff58c46f03fecf8374

SHA1
1aace98f3f2d5a471e2f3aced75a1362be3e6775

SHA256
0cdcbdce38f365bd94dc3153083d22d77b161598c99aac6c43f84d4ab93b7ed0

SHA512
b393d212032d80a421932c7ef6e7dd4b7e9e30f9c6db07be0bf3e18f4df01d2d64350736e0ec6d2d859b5d21c1ed89e16e6fa5b95b6797545384ae3cfb84b7df

Download Submit
C:\Program Files\7-Zip\Lang\nb.txt.tmp

Filesize
45KB

MD5
dda6cdf62ea21c8e2188cdfc137aeb1d

SHA1
d196466fe13c4e65c6577600191c5dd79fe97b40

SHA256
f8a1ce3492d8322dfeaf5f764dcdfa45284c652ac3f845abcb0e1724c7c0448c

SHA512
c6f71764cfa79f4ebc3bd45444b24caf6696614eb5518e36c03da64073f9851b4aa988d5c7d8a95e71c92e571ff55f2ab5953b4629b3037029d672ee1ab0783b

Download Submit
C:\Program Files\7-Zip\Lang\ne.txt.tmp

Filesize
52KB

MD5
49660f89b8118b7639f9ff3f936f63cb

SHA1
421735bc32cd8de607ab51c6e686b451eed65886

SHA256
d7cca6808b5c4ec171413cb46c8a10d92395e76de21b7c35e1a326ed4be6d2bf

SHA512
5fd15e9135bf0a860c325af95be50f7f9ae8d2e7b0f2bc2aad662608bd51824def006cafac77e366c2dbad2c7656d6fece1f68133438cbdc68b43b5c3c92c358

Download Submit
C:\Program Files\7-Zip\Lang\nl.txt.tmp

Filesize
48KB

MD5
fd92d392eab881311233e99522f34195

SHA1
8cc6baf6565440ffb57ba3ffd39da3edb6e80624

SHA256
e2932186700313a9827a71eb1e0c8f2720c4506ebd467a1a8107ccddee850d98

SHA512
108dafe5fa91877a828d44f2c10b65d6fbfaf335e9d0eafc34c4895ba83682e95c67ea062dd9c18c3a1a69b756c2dd4c84bec073046bdf53cb6f7dbcb583736d

Download Submit
C:\Program Files\7-Zip\Lang\nn.txt.tmp

Filesize
45KB

MD5
efd1f7f0f78b3ab490a3f4b83e7b7fbe

SHA1
e2ffa6a0a9ccbc4fa0f5dbe85b8b7091bead8259

SHA256
e3e66efe2d3f6c37228adfc6967a83402595b927bf84e85c60c38e2bdafc2854

SHA512
9cc61f13531e4bc4ccf5dc1aa492dcb62ef7a9e70a327932f6ee2c518096d8987a8568403abc119f8ce386d7b4ae87fcee27f826bd95e00225833bbb4442f81e

Download Submit
C:\Program Files\7-Zip\Lang\pa-in.txt.tmp

Filesize
53KB

MD5
dae1cd7f0979349faa321ecfdc665dfb

SHA1
75c350a98f16dd4baa9f0a5581200954a17ae3fd

SHA256
472a7859c150e3fe6788cfb7202a82e29f0b31fda668244af41e96e9970e8fc6

SHA512
4e330874b508b40a914e69629ba5884efb63f0174a11f771de6bc16c338c49993aace9834b648ae78cc1daf6953d3a685d6b766fb619b6040a45aa155fa19997

Download Submit
C:\Program Files\7-Zip\Lang\pt-br.txt.tmp

Filesize
54KB

MD5
6d2ea0aa9331f83cb23ba5719baa950c

SHA1
8300e0ee1628f9413047502e65693cad4c46c5d2

SHA256
a8acb14a97a72ccbf21aaea4b6941f26a7b2b1c3eba889dd0cb93ea25a251f9f

SHA512
a1ec8ce8e202e1abb752662ccfa1227cedcc4448e1f1ad58a1ce4847aba89492892e5536570c1552e775d9c95a8274f02cce4ccd6020e3508ce925d2a6b073b3

Download Submit
C:\Program Files\7-Zip\Lang\ru.txt.tmp

Filesize
59KB

MD5
d392c677d9b1a165f11358f19295f2fb

SHA1
9b2c7f7a96753e64a00ee3a32eb33ec2bfc50633

SHA256
e2cda6dcb45be1d55829d3dd2447b4d55810d1c4b5df653c2a570096285ac4d3

SHA512
4b3503762443dfde908ffc808d9cc324e65933f1d391b5c2fd89befc143e8b09207df53140510e4a27b50459498822c249c7985c61547f9fda318a98e3dbef86

Download Submit
C:\Program Files\7-Zip\Lang\sa.txt.tmp

Filesize
63KB

MD5
55aef3866abe05c73eb782193001a319

SHA1
4cf54dafd785521b2ba592c66092074485580094

SHA256
86547364b77f46c202f2238415989be50448c68470649ca72bd9f4f34473e7e8

SHA512
e603d5a203bb179d189a314360809faeac12f24ef9be46e847b94a2ace31d52e04ff01412639fb2af27943fb3f5a3b47a3cce1a4ddb7bbd1d446b774ca96b2a1

Download Submit
C:\Program Files\7-Zip\Lang\si.txt.tmp

Filesize
63KB

MD5
ac51b176895ccf0db6774753109c05c9

SHA1
0369468c01b727ecea30563f53b2d835628e9e2e

SHA256
ab56e9ab5adc46fc89cf8e5760049c6ffbdbdabbd7071a170bc9a35532faae72

SHA512
bc8cf85b5d5629af504eac7375652716ddfa00171da91283c8f4264f0fc714c8251ac117db7172c3f107fe7e6183eb82499b6915ee6d59add978e8e4e4991d9f

Download Submit
C:\Program Files\7-Zip\Lang\sk.txt.tmp

Filesize
48KB

MD5
45e8b700f817a290c8aa5f81d393c7a1

SHA1
c94f638cb04b868ebb2208f5bade574b446855bd

SHA256
7339a31bafd5b09603f715e664cc9c3ce8fbb75b93543dfe5ec12348fb6aeb50

SHA512
d55d670c514be3f62fde7113723d29a59bf7a4eae8b770559d78b4c1939db27f03da4d85bd3d917a7ba6ce93b37b6a5bcd3d53ccd338cba5ffea228ddc2bd011

Download Submit
C:\Program Files\7-Zip\descript.ion.tmp

Filesize
45KB

MD5
600638e56dbe6c1f47ae99a1b68a377b

SHA1
3f95cbfdbf4126f107f17b42ccd12ce8b77041a6

SHA256
839e12967204f7f857c0bda5b5974d4d900632c9e206b9f5b931215145ed2499

SHA512
3db447a91af5ec8ce82761777ccb74196fa9b10397459f3f5af8363bb2f0bd14e2aeb7e9ddb1cf674e1cc0f07b963592b0cc191b453277eaa3b48678d005991e

Download Submit
C:\Program Files\Microsoft Office\root\Integration\C2RManifest.osmuxmui.msi.16.en-us.xml.tmp

Filesize
50KB

MD5
009b6b5d26329284ba2b048442355ab7

SHA1
edbdf0426b80821c9c732842536a51914a87408e

SHA256
9fc637a0b94227ad04f942fdb20b255d478eee100f26762ea8acb82ab94e2a6c

SHA512
f4d98bc5df10d3335b21378633241c6c54c8d148e83dd977053f270b434c4bd72d50765193f2df3c8a39df1cb62120dd4862144fe71d086257ce9044290bf794

Download Submit
C:\Users\Admin\AppData\Local\Temp\_OneDrive for Business.lnk.exe

Filesize
44KB

MD5
94345313e307b0f42c56562e700d00a9

SHA1
a1f1d25419cded9c68a633b458799919f222a3db

SHA256
eac931b175c5e87bb8240088f9040d82998f85760dc012a30f43c63db4731ea3

SHA512
4bf08fbf92cf8e834c7cb99fe6d302641961cd08e94c870bab3031cc533cb758ff8f67936373938fc280c42a6bf5962ef74ac61f9963eb013e0838a9d87cc6c9

Download Submit
C:\Windows\SysWOW64\Zombie.exe

Filesize
39KB

MD5
8ee65f0aa7b9cd0b7247c00045bd9d1a

SHA1
e1e32ae943392f83abf872ce6631162344364295

SHA256
7b6297235da8556b5a7c339a61f1e45a6f82517e7abfdc88d4fedae52e0571e6

SHA512
5b11d4b830f96f5760a6bff770079453d1fff1d2bcae5c49afa0af59c64723aadfc42e73376983d0980ee778c7e2cab07e18a70d9374a4e0e59f195b46ba87e8

Download Submit